Event-Handler triggering

matthewr · September 6, 2019, 6:52pm

My first attempt at using event-handler has not worked well. The objective is to run a script when the interface pppoe0 comes up. The settings are:-

vyos@ha-r01a# sh system event-handler
feed syslog {
policy syslog
source {
preset syslog
}
}
policy syslog {
event pppoeup {
pattern “ip-up finished”
run /config/scripts/pppoeup
}
}

However, the syslog entry:-
Sep 6 19:13:34 ha-r01a pppd[12309]: Script /etc/ppp/ip-up finished (pid 15473), status = 0x0
does not seem to trigger the script.

Manually running:-
sg vyattacfg -c /config/scripts/pppoeup
does run the script and makes the config changes in it.

I notice that /etc/eventwatchd/eventwatchd.conf contains:-
feed name=“syslog” type=“fifo” source="/var/log/syslog.pipe" policy=“syslog”

where syslog.pipe does not exist, and wonder whether this might be relevant.

Looking for event-handler examples and the like produces very few examples, and any guidance would be appreciated.

With many thanks,
Matthew

Dmitry · September 7, 2019, 11:08am

Hello @matthewr, did you have executable script /config/scripts/pppoeup? Pipe file /var/log/syslog.pipe will created after successfully configuration event-handler
you can try example:
sudo touch /config/scripts/pppoeup
sudo chmod 775 /config/scripts/pppoeup

set system event-handler feed syslog policy 'MyPolicy'
set system event-handler feed syslog source preset syslog
set system event-handler policy MyPolicy event MyEvent pattern 'ppp0'
set system event-handler policy MyPolicy event MyEvent run '/config/scripts/pppoeup'

After commit you need look at log show log tail 100 and check for errors and warning. Also you can check pipe file sudo cat /var/log/syslog.pipe. If file exist, just try connect pppoe and do not interrupt sudo cat /var/log/syslog.pipe command

matthewr · September 7, 2019, 12:40pm

Dear @Dmitry, thank you for your most helpful reply. The absence of syslog.pipe was because eventwatchd had not started correctly. The script was correctly chmodded and simply deleting and re-creating the event-handler left syslog.pipe present and eventwatchd running.

However, the script was not being triggered.

As you suggested, I did a “sudo cat /var/log/syslog.pipe” whilst disconnecting the pppoe on an upstream switch, waiting, and then reconnecting it. What was appearing in syslog.pipe was only a small part of what was later seen in /var/log/messages. In particular, it seemed to stop logging altogether as the pppoe reconnected. Thus the matching string was not in syslog.pipe and therefore the script was not run.

If it helps, I have the console output showing both the cat of syslog.pipe and the whole of messages. The router is running 1.2.2 on KVM.

What further troubleshooting would you suggest? I could probably provide access to the router from a static IP if it would help.

Best wishes,
Mathew

Dmitry · September 7, 2019, 1:53pm

I think you can try change syslog facility for eventwatch
sudo nano /etc/rsyslog.d/eventwatch-log.conf
replace to
*.* |/var/log/syslog.pipe
and restart rsyslog
sudo /etc/init.d/rsyslog restart

matthewr · September 7, 2019, 3:46pm

Dear @Dmitry, thanks for that suggestion which does cause the script to be triggered and to run.

However (sorry for another however!), afterwards the config is not editable, for example:-

vyos@ha-r01a# sh system event-handler
feed syslog {
policy syslog
source {
preset syslog
}
}
policy syslog {
event pppoeup {
pattern “ip-up finished”
run /config/scripts/pppoeup
}
}
[edit]
itconsult@ha-r01a.itconsult.net# del system event-handler

Failed to delete specified config path
Delete failed

My suspicion is that the script did not run the config change as the correct user, the logs showing:-

Sep 7 16:13:03 ha-r01a commit: Successful change to active configuration by user root on unknown
Sep 7 16:13:03 ha-r01a eventwatchd: Event “pppoeup” caught in feed “syslog”, command “/config/scripts/pppoeup” executed"

Is my diagnosis correct and, if so, what should be done to remedy it? The script itself comprises:-

vyos@ha-r01a:~$ sudo cat /config/scripts/pppoeup
#!/bin/vbash
source /opt/vyatta/etc/functions/script-template
configure
delete protocols static table 1 interface-route 0.0.0.0/0
commit
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface pppoe0
commit
exit

Best wishes,
Matthew

Dmitry · September 7, 2019, 5:42pm

Hm, this issue reproduced only after running vbash script. Reboot can fix this, but I think need create task in phabricator.
upd://I found same task ⚓ T945 Unable to change configuration after changing it from script (vbash + script-template)

Dmitry · September 7, 2019, 8:25pm

@matthewr, you can try add some code, to vbash script, it must fix problem.

#!/bin/vbash
if [ $(id -gn) != vyattacfg ]; then
    exec sg vyattacfg "$0 $*"
fi 
source /opt/vyatta/etc/functions/script-template
configure
delete protocols static table 1 interface-route 0.0.0.0/0
commit
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface pppoe0
commit
exit

@runar thank you for solution.

matthewr · September 8, 2019, 5:42pm

Dear @Dmitry, that adjusted script does work - thank you most kindly!

When recreating the event-handler, eventwatch-log.conf gets overwritten. Should a Phabricator task be filed for that issue (not all syslog going to event-handler)? Is the user also a bug needing fixing, or a feature requiring setting of the group as described?

Best wishes,
Matthew

Dmitry · September 8, 2019, 5:55pm

I think it possible create task with feature request for adding facility for event handler.